General

Target: WaveBypasser.exe
Size: 53.1MB
Sample: 241015-1ac92sxgre
MD5: adeb13ed4be55e7843db3a23ca09837a
SHA1: c91d0cc7184de97a4d9221d36ec0abe1ebed0ffd
SHA256: 4270cf9684c5839b360fc33c9a8101e40f2f4c768a8ce55b4b0e0236a1bb7082
SHA512: 298cfb6d54db45019e460f13ab52f7e2b03c44c2c2f3a5c71130d64a048fc7b74f12c3c1e990295ab7182247bd819b03cd3c09e8ab26109fa0dc37ea26649a51
SSDEEP: 786432:fiIZWeEw7SQqMoknvNpA+vIlo0FdGgBQJbTiumfSXdZESWqEIBBwW2HK3EE:amEweQqMrlpA+Ql4pxTivfS4qrBB1UE
Static task: static1
Behavioral task behavioral1: WaveBypasser.exe, resource win7-20240903-en
Behavioral task behavioral2: WaveBypasser.exe, resource win10v2004-20241007-en
Behavioral task behavioral3: loader-o.pyc, resource win7-20241010-en
Behavioral task behavioral4: loader-o.pyc, resource win10v2004-20241007-en
Malware Config

Targets

Target: WaveBypasser.exe
Size: 53.1MB
MD5: adeb13ed4be55e7843db3a23ca09837a
SHA1: c91d0cc7184de97a4d9221d36ec0abe1ebed0ffd
SHA256: 4270cf9684c5839b360fc33c9a8101e40f2f4c768a8ce55b4b0e0236a1bb7082
SHA512: 298cfb6d54db45019e460f13ab52f7e2b03c44c2c2f3a5c71130d64a048fc7b74f12c3c1e990295ab7182247bd819b03cd3c09e8ab26109fa0dc37ea26649a51
SSDEEP: 786432:fiIZWeEw7SQqMoknvNpA+vIlo0FdGgBQJbTiumfSXdZESWqEIBBwW2HK3EE:amEweQqMrlpA+Ql4pxTivfS4qrBB1UE

Signatures:
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
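The last signature above is a cheap one to hunt for on the network side. The following detection, written as an added example for this page and not taken from the sandbox report, scans proxy-style log lines for requests to public IP-echo services and groups the hits by source host. The watch list of domains, the log format and the sample lines are all assumptions; the report does not say which lookup service the sample contacted.

```python
"""Detection for the report's 'Looks up external IP address via web service'
signature: scan proxy-style log lines for requests to public IP-echo services
and group the hits by source host. Added example written for this page, not
from the sandbox; the watch list, log format and sample lines are assumptions."""
import re
from collections import defaultdict
from typing import Dict, List

# Common IP-echo services. The report does not name the one the sample used,
# so this is an assumed watch list, not an indicator taken from the page.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "ipify.org", "icanhazip.com", "ifconfig.me", "ipinfo.io",
    "api.myip.com", "checkip.amazonaws.com", "ip-api.com", "api.ip.sb",
}

# Constructed log format: <timestamp> <source host> <method> <host[:port]><path> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<host>[^/ ]+)(?P<path>\S*) (?P<status>\d{3})$"
)


def is_ip_lookup_host(host: str) -> bool:
    """Exact or subdomain match only; 'ipinfo.io.example.net' must not hit."""
    name = host.lower().split(":", 1)[0].rstrip(".")
    return any(name == d or name.endswith("." + d) for d in IP_LOOKUP_DOMAINS)


def find_ip_lookups(lines: List[str]) -> Dict[str, List[str]]:
    """Map each source host to the IP-lookup requests it made."""
    hits: Dict[str, List[str]] = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and is_ip_lookup_host(m["host"]):
            hits[m["src"]].append(f'{m["ts"]} {m["method"]} {m["host"]}{m["path"]}')
    return dict(hits)


# Constructed sample log, not traffic from the sandbox run.
SAMPLE_LOG = [
    "2024-10-15T18:02:11Z WS-0412 GET api.ipify.org/?format=json 200",
    "2024-10-15T18:02:12Z WS-0412 GET www.bing.com/ 200",
    "2024-10-15T18:02:40Z WS-0412 GET icanhazip.com/ 200",
    "2024-10-15T18:03:01Z WS-0207 GET ipinfo.io.example.net/ 200",
    "2024-10-15T18:03:05Z WS-0207 CONNECT ipinfo.io:443 200",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for src, reqs in find_ip_lookups(SAMPLE_LOG).items():
        print(f"{src}: {len(reqs)} IP-lookup request(s)")
        for r in reqs:
            print("   ", r)
```

On its own this is a low-fidelity signal: updaters, VPN clients and plenty of admin tooling ask for their external IP too. It earns its place when correlated with the other signatures on the same host in the same window, in particular the wallet and credential-file access listed above.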
Target: loader-o.pyc
Size: 63KB
MD5: 8de2b2c9af7704e4c2ba5a86f94a216b
SHA1: ff16489804fc2708ec5091f996a3186d7caf7d74
SHA256: 9317d8ca4325112f32d959f94de7b5a3e9df47f4ea29cda9b6546b9129e759e0
SHA512: cdb5119edecec96f95463b56720c1cb90f41d42ae331f81e302e3daccc457fe2476e73e6e1b8a16a80b97dd7e02c4a3c9900616439278e8ef35794455c2f1484
SSDEEP: 768:XSRsdpf+li6q7MTvZUwxbKnV5qmd49qrwcMdmgug4FCbTfqf3:XSR0f+liaTvZZs5iIrquHCbOf3
Score: 3/10
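Two things a practitioner does first with a report like this: confirm the file in hand really is the sample (all listed digests, not just the MD5), and, for the loader-o.pyc target, read the bytecode header to learn which CPython release compiled it, because decompilers are version-specific. The helper below is an added example written for this page, not part of the sandbox report or its tooling; it embeds the MD5/SHA1/SHA256 values from the Targets section and an assumed subset of CPython magic numbers.

```python
"""Triage helpers for the two targets in this report: confirm that a file on
disk is the sample the report describes, and read the header of loader-o.pyc
to learn which CPython release compiled it (decompilers are version-specific).
Added example for this page; it is not part of the sandbox report."""
import hashlib
import struct
from typing import Dict, Optional

# MD5/SHA1/SHA256 copied from the report's Targets section.
REPORT_HASHES: Dict[str, Dict[str, str]] = {
    "WaveBypasser.exe": {
        "md5": "adeb13ed4be55e7843db3a23ca09837a",
        "sha1": "c91d0cc7184de97a4d9221d36ec0abe1ebed0ffd",
        "sha256": "4270cf9684c5839b360fc33c9a8101e40f2f4c768a8ce55b4b0e0236a1bb7082",
    },
    "loader-o.pyc": {
        "md5": "8de2b2c9af7704e4c2ba5a86f94a216b",
        "sha1": "ff16489804fc2708ec5091f996a3186d7caf7d74",
        "sha256": "9317d8ca4325112f32d959f94de7b5a3e9df47f4ea29cda9b6546b9129e759e0",
    },
}
ALGOS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Streamed version of hash_bytes, so the 53.1MB executable does not
    have to be read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(hashes: Dict[str, str]) -> Optional[str]:
    """Name the report target whose digests all agree with `hashes`, else None.
    Requiring every digest to match means a crafted MD5 or SHA1 collision
    cannot pass a different file off as the sample."""
    for target, expected in REPORT_HASHES.items():
        if all(hashes.get(algo) == digest for algo, digest in expected.items()):
            return target
    return None


# CPython bytecode magic numbers (first two header bytes, little-endian) as
# published in Lib/importlib/_bootstrap_external.py. Assumed subset: extend
# it when the parser reports a magic it does not know.
PYC_MAGIC = {3394: "3.7", 3413: "3.8", 3425: "3.9", 3439: "3.10",
             3495: "3.11", 3531: "3.12"}


def pyc_info(header: bytes) -> Dict[str, object]:
    """Decode a .pyc header. 3.7+ files (PEP 552) carry 16 bytes:
    magic(2) + b'\\r\\n' + flags(4) + either mtime(4)+size(4) or an 8-byte
    source hash when flags bit 0 is set. 2.x and 3.0-3.6 files carry 12:
    magic(4) + mtime(4) + size(4)."""
    if len(header) < 12 or header[2:4] != b"\r\n":
        raise ValueError("not a CPython .pyc header")
    magic = int.from_bytes(header[:2], "little")
    info: Dict[str, object] = {"magic": magic, "python": PYC_MAGIC.get(magic)}
    if magic < 3390 or magic >= 20000:  # 3.0-3.6 (< 3390) or 2.x (>= 20000) layout
        info["mtime"], info["size"] = struct.unpack("<II", header[4:12])
        return info
    if len(header) < 16:
        raise ValueError("truncated 3.7+ .pyc header")
    flags = struct.unpack("<I", header[4:8])[0]
    info["hash_based"] = bool(flags & 1)
    if flags & 1:
        info["source_hash"] = header[8:16].hex()
    else:
        info["mtime"], info["size"] = struct.unpack("<II", header[8:16])
    return info


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, "->", match_report(hash_file(path)) or "no match against report")
        if path.lower().endswith(".pyc"):
            with open(path, "rb") as fh:
                print("    pyc header:", pyc_info(fh.read(16)))
```

Run it as `python triage.py WaveBypasser.exe loader-o.pyc` (script name assumed). A file whose MD5 alone matches is reported as no match, which is deliberate: the page lists four digests, so use all of them. The `python` field tells you which interpreter version your decompiler or `marshal` loader needs; a `None` there means the magic is outside the embedded table, not that the file is malformed.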
MITRE ATT&CK Enterprise v15

Credential Access:
- Credentials from Password Stores (T1555): 1
- Credentials from Web Browsers (T1555.003): 1
- Unsecured Credentials (T1552): 3
- Credentials In Files (T1552.001): 3